About Me

Reputability are thought leaders in the field of reputational risk and its root causes, behavioural risk and organisational risk. Our book 'Rethinking Reputational Risk' received excellent reviews: see www.rethinkingreputationalrisk.com. Anthony Fitzsimmons, one of its authors, is an authority and accomplished speaker on reputational risks and their drivers.
Reputability helps business leaders to find these widespread but hidden risks that regularly cause reputational disasters. We also teach leaders and risk teams about these risks.
Here are our thoughts, and the thoughts of our guest bloggers, on some recent stories which have captured our attention. We are always interested to know what you think too.

Thursday, 24 March 2011

Once upon a time, most financial, law and accounting firms were true partnerships. The partners shared all the profits, but if anyone in the partnership made a really bad mistake, the firm would lose its reputation and all the partners could lose their shirts. This gave partners a viceral interest in managing risks to the business. Risks to their reputation were the biggest.

Along came the Big Bang, and most financial firms became limited liability companies. Partners became shareholders with limited liability. If disaster struck, they could lose their shares - if they retained any - but only the person who actually made the mistake was at any risk of losing his shirt. Corporate reputation no longer matters so much to most individuals since most can move if their firm loses its reputation.

Since then, most big accountants have become limited liability partnerships. Law firms are following closely behind. A few professional firms have welcome external capital, and more will do so.

When you add the way in which profit is distributed, the effect is increasingly similar to the Big Bang, though its slow motion is more like a prolonged whimper. Most of those who run or trade through financial firms, law firms and accountants now take a full share of the upside but only limited or no downside risks.

For individuals, a system that offers "vast risk-free payouts" (as Geraint Andersen described them) is as attractive as it is valuable. Banks have learned just how disastrous it is to separate the depths of downside risk from reward; but accountants and lawyers seem to be going, blindly, down a similar route with one important difference: no audit or law firm is "too big to fail". No-one will rescue them from oblivion.

Since reputation is one of the big drivers of share price, this personal risk of losing money may well influence behaviour, particularly as accumulated unsellable share awards become a substantial proportion of the personal wealth of influential individuals. Even so, there will be unintended consequences, such as increasing the reasons for stars to move regularly. Identity economics points to one way to solve this problem. And to be effective, the system needs to draw in all important players, not just 'top bankers'. Goldman has already got that point.

But for lawyers and accountants, this approach is not likely to work. Unlike banks (not to mention the likes of BP), law firms and accountants are often fairly thinly capitalised; and few are quoted companies. Their most important asset by far is their reputation. Without that, they can't attract clients, get credit or retain their valuable but mobile talent.

For professional firms, reputation is the key to life. For them, finding, understanding and controlling sources of reputational risk is the key to surviving almost any kind of crisis, as professionals' personal interests increasingly diverge from those of their firms.

The trouble is that current risk analysis techniques were not designed systematically to find let alone manage risks to reputation. As one sage put it, conventional risk assessment does not address reputation risks adequately, but produces an incomplete picture of susceptiblity and escalation potential. Nor does it present a sufficiently joined-up picture.

When that kind of reputational risk becomes a reality, they call it a Black Swan. But it isn't. The risks are there to be found. If you know how to look for them.

Thursday, 17 March 2011

As Lex reports today, the reputation of nuclear technology has "suffered a mortal blow". For those seeking readable technical background on nuclear safety, Charles Perrow gives a lucid analysis of why at least older nuclear power stations are inherently risky particularly once something starts to go wrong, in his book “Normal Accidents”.

We are already hearing claims that Japan's nuclear problems "couldn't happen here” and that modern nuclear power can be “safe”. This claim needs rigorous examination. As Japan's nuclear travails again show, a mistake in balancing the probabilities and the potential harm exposes large numbers to exceptionally great harm.

Both politicians and CEOs regularly make bad decisions in balancing short term gain (tax flows, profit flows, growth and votes) with a small probability of a very serious harm. Their decisions are regularly shown to be spectacularly bad once enough time has elapsed for the small probability in any year to turn into a real and nasty event. Whether this is because they underestimate the risks or because they correctly conclude that 'it' is unlikely to blow up on their watch is a question for more research. Nicholas Taleb would say many are 'fooled by randomness'.

The problem is that whilst the basic risk seems small (one chance per thousand per unit per year seems minuscule), over enough units and years, the risk can become a substantial probability. And if the probability is of something very nasty and equally expensive, it matters. For some national examples, consider Japan's nuclear problems, Iceland's banks or Ireland's economy. And for companies, consider Andersen, Lehman, Northern Rock and oil companies drilling in deep water, not to mention what has become the "too big to fail" problem in the banking sector.

There needs to be greater understanding of risk. This should begin with greater clarity in explaining risks particularly of the very low probability/very high impact type. Nuclear power is an excellent and topical example, particularly since the nuclear industry does not have a reputation for openness or honesty.

One approach is to show risk not as pure probability but as the probability (including any time factor) multiplied by the harm. At its simplest, a random “once in a hundred years” risk of a £10 billion harm can be visualised as having a present value of £100 million per year; or (give or take an assumption or two) £2 billion over 20 years.

If the nuclear industry wants to regain public trust, it needs to be open and scrupulously honest in explaining nuclear risks. It should start doing things differently today.

Friday, 4 March 2011

Is there a cadre with the experience and skills to become Sir David Walker's new generation of BOFI1 Chief Risk Officers? The largest insurance and reinsurance companies and some big banks, have had CROs for a few years, but the arrival of these pioneers has been haphazard.

A recent report by Hedley May , drawn to my attention by the FT's Megan Murphy, makes interesting reading. Propelled by Sir David Walker's insistence on universal CROs for BOFIs, with near-board-level status, HM suggest that a new, high-flying breed of CRO needs to emerge. It does. And the breed, with its status, should spread to all large complex enterprises.

There is no specification of this new breed. What should it look like? Here are some ideas. Some are borrowed from HM's report. Please hone them using the comment space below. Characteristics should include:

a nose for 'something not quite right' and the inquisitiveness to follow through

persistence

forensic and policing skills

people, mediation, problem-solving and negotiation skills

the imagination and flair to turn problem risks into sound commercial opportunities

Three difficult areas are incentives, promotion and education.

Pay, bonuses and other incentives will need careful thought. The CRO's overwhelming motivation should be to ensure that the company is able to continue through whatever vicissitudes fate, its staff or its leaders throw at it. Total loyalty to the company, not to the team, will be essential. CRO pay, rations, life and death will probably have to be in the gift of the NEDs, not executives.

Promotion is problematic for such high fliers. If the CRO job is seen as a route to internal promotion dependent on the C-suite, it will corrupt a CROs' loyalty. To be effective, a CRO needs unqualified loyalty to the company, not the C-suite. And the notion that "CRO" is a 3 year job on the way to CEO will produce inexperienced and ineffective CROs tuned to the short term and gaining favour rather than long term stability of the company.

Different solutions will be found, but all are likely to involve primary loyalty to non-executives rather than executives and the means to make the job sufficiently high status, interesting and rewarding that potential CEOs are prepared to spend 10 years not three in the job. In the longer term, many CROs may be of equivalent status to CFOs - and content to stay that way.

Thirdly, specialised education will be essential. Few if any MBA establishments teach about risk to the depth and breadth necessary. Most will find, if they are honest with themselves, that they lack the skills to teach it properly. New specialist education will be required, with teaching by risk specialists that operate at business strategy level as well as understanding the nuts and bolts of risk. A range of risk-strategy MSc courses may be needed for budding CROs.

Risk has long been been a Cinderella area. BOFI CROs are being created and invited to the C-suite ball. Once they have gained the skills and performed well, many will see top positions opening up to them. Other large complex companies should follow the trend. The challenge for boards will be to keep the best CROs in post for long periods.